An encryption/decryption apparatus enables encrypted communication between two stations each incorporating such an apparatus.
The apparatus is arranged to generate a set of look-up tables in accordance with a session key and temporarily store these tables in memory

APPARATUS FOR GENERATING ENCRYPTION/DECRYPTION LOOK-UP TABLES USING A SESSION KEY.

The present invention relates to arrangements for the
automatic encryption and decryption of electronically
transmitted messages, particularly in the fields of telephone,
facsimile or computer data transmission for example.
The present invention is concerned with providing
arrangements for encrypting and decrypting messages at high
speeds yet maintaining a high level of security.

In accordance with this invention, there is provided an
encryption/decryption apparatus to enable encrypted
communication between two stations each incorporating such an
apparatus, the apparatus being arranged to generate a set of
look-up tables in accordance with a session key and temporarily
store said tables in memory, and to convert each successive
element of a message to a code through use of said look-up
tables.

It will be appreciated that a fresh session key is used
for each transmission or session: a fresh set of look-up
tables is therefore generated at the start of each transmission
or session. The session key can in fact be changed (and a new
set of look-up tables consequently generated) at intervals
during the course of each transmission.

The set of look-up tables can be generated quickly, and
the procedure to encode each element (e.g. character, bit or
block) of the message can be carried out quickly while
maintaining a high level of security.

Each element of the message may be converted to its
code by addressing one of the look-up tables, the output of
which is used to address another of the look-up tables, and so
on. The conversion procedure may involve at least two look-up
tables being addressed simultaneously and their outputs being
combined (e.g. added together). At least one of the tables may
comprise a pseudo random sequence, the terms (or entries) of
which are read consecutively, the pointer returning to the
first term when the last term of the table has been read: the
pointer may start at any predetermined position of the
sequence.

It will be appreciated that for encryption of a message
by the sender and correct decryption by the recipient, both
sender and recipient apparatus must use the same session key
for each transmission (or part thereof), so that the two
stations can generate corresponding look-up tables. Our
International patent application PCT/GB94/02004 describes one
arrangement in which a sender apparatus generates a session key
and the same session key is recreated at the recipient.

Embodiments of this invention will now be described by
way of examples only and with reference to the accompanying
drawings, in which:

FIGURE 1 is a schematic block diagram of an
encrypting/decrypting unit used at each sender/recipient
station;

FIGURE 2 is a schematic flow diagram to explain the
operation of one form of high speed cypher in accordance with
the invention;

FIGURE 3 is a similar flow diagram to explain the
operation of another form of high speed cypher in accordance
with the invention;

FIGURE 4 is a worked example of an encryption procedure
performed by an apparatus in accordance with the invention; and

FIGURE 5 is a worked example of another encryption
procedure performed by an apparatus in accordance with the
invention.

Referring to Figure 1, there is shown an
encryption/decryption unit in accordance with this invention,
in simplified diagrammatic form. Typically the unit will form
part of a communications machine (e.g. facsimile machine). The
unit includes an external port 10 for transmitting encrypted
data to, and receiving encrypted data from, a corresponding
unit at another station, with which it is desired to
communicate. The unit also includes a port 12 for the flow of
data to and from local host equipment. The unit further
includes a microprocessor 14 having a program memory 16 and a
memory 18 for temporarily holding look-up tables which are used
for encrypting data to be transmitted via the external port 10,
and for decrypting data received via the external port 10.

For each fresh transmission (or session) between the
unit and a corresponding unit at another station, a new set of
look-up tables is generated and programmed into the memory 18
of the two units. Each new set of look-up tables is generated
in accordance with a new, random session key: the program
memory 16 of the two communicating units stores the same
algorithm for generating (and subsequently using) the look-up
tables, so that both units generate the same look-up tables
from the same session key. One unit acts as sender and
generates the random session key and sends this in encrypted
form to the other (or recipient) unit: the session key may be
generated at the sender, and recreated at the recipient, in the
manner described in our International patent application
PCT/GB94/02004. As previously noted, the session key can be
changed at intervals within each transmission (or session).

Once each new set of look-up tables has been created,
from the new session key, at the sender and recipient units,
the encrypted transmission of data can proceed: thus, a plain
message received at port 12 of the sender unit is encrypted,
under control of the microprocessor 14 and using the look-up
tables, and then transmitted via the data port 10; the
recipient unit correspondingly receives the encrypted message
and decrypts it.

The look-up tables are preferably of the types T, IT, D,
ID or PR, as will now be described. Each table may have more
than 4000 entries, but the essential character of the different
types of table can be exemplified as follows using 10 entries
only.

A transposition table (Type T) is a table in which
numbers or characters are in a different order from the
original, for example as follows:

    Original order   0 1 2 3 4 5 6 7 8 9
    T Table          4 3 5 7 1 0 8 6 9 2

The inverse transposition table (Type IT) is the
inverse of the above in that it restores the original order
when it is applied to the T table:

                     0 1 2 3 4 5 6 7 8 9
    IT Table         5 4 9 1 0 2 7 3 6 8

The displacement table (Type D) is derived from the
transposition table and gives the positive displacement of each
entry in the transposition table from its original position:

    Original order   0 1 2 3 4 5 6 7 8 9
    T Table          4 3 5 7 1 0 8 6 9 2
    D Table          4 2 3 4 7 5 2 9 1 3

The inverse displacement table (Type ID) is the
displacement table corresponding to the inverse transposition
table.

A pseudo-random table (Type PR) is composed of
pseudo-randomly generated numbers in a specified domain:

    Domain           0 1 2 3 4 5 6 7 8 9
    PR Table         1 4 4 8 7 6 3 2 8 5

In a PR table, numbers within the domain may be omitted
and others duplicated because the choice of entry at any part
of the table does not depend on the choice of previous entries.

In the example shown in Figure 2, each successive
character of the message to be encrypted is referred to a first
look-up table which may be of any type previously described.
The output of the first look-up table addresses the second
look-up table and the output of the second addresses the third
and so on. In this way, a succession of elements (e.g.
character, bit or block) in the input message is converted to
a corresponding succession of encrypted outputs from the final
look-up table, for transmission from the sender to the
recipient.

The look-up tables of the set may be used in different
order on different transmissions as a means of increasing the
complexity of the cypher: alternatively, each element in the
main message may be converted by addressing two or more look-up
tables simultaneously and combining (e.g. adding together)
their outputs, as shown in Figure 3.

In the art of computer programming, reading a look-up
table requires fewer steps than the multiplication and division
steps usually carried out in element-by-element encryption, so
that, once a set of tables has been generated, an algorithm
largely based on reading tables permits rapid encryption. The
decryption at the receiver is carried out in a similar manner,
i.e. by each encrypted element of the received message being
converted, by a corresponding arrangement of look-up tables,
to the original element itself.

Figure 4 shows an example using a single T table and a
single PR table. In this example, A=0, B=1, ..., Z=25,
and all additions are modulo 26. After each character of the
message is transposed by the transposition table, the next
successive term of the PR table is added to provide the
encryption of the original character.
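
The Figure 4 procedure, as an added Python example rather than code from the patent: each character passes through the T table, then the next term of the PR table is added modulo 26, and the recipient reverses both steps. The 26-entry T table is constructed for illustration, the PR sequence reuses the 10-entry example from the description, and the class and method names are assumptions.

```python
import string

ALPHABET = string.ascii_uppercase            # A=0, B=1, ..., Z=25
N = len(ALPHABET)

# Constructed 26-entry transposition table (illustrative, not from the patent).
SAMPLE_T = [(7 * i + 3) % N for i in range(N)]
# The 10-entry PR example quoted in the description.
PAGE_PR = [1, 4, 4, 8, 7, 6, 3, 2, 8, 5]


class Fig4Cipher:
    """T-table look-up followed by addition of the next PR term, modulo 26."""

    def __init__(self, t_table, pr_table, start=0):
        if sorted(t_table) != list(range(N)):
            raise ValueError("T table must be a permutation of 0..25")
        self.t = list(t_table)
        self.it = [self.t.index(v) for v in range(N)]   # inverse table
        self.pr = list(pr_table)
        self.ptr = start % len(self.pr)                  # agreed start position

    def _next_pr(self):
        term = self.pr[self.ptr]
        self.ptr = (self.ptr + 1) % len(self.pr)         # wrap after last term
        return term

    def encrypt(self, text):
        out = []
        for ch in text:
            code = (self.t[ALPHABET.index(ch)] + self._next_pr()) % N
            out.append(ALPHABET[code])
        return "".join(out)

    def decrypt(self, text):
        out = []
        for ch in text:
            code = (ALPHABET.index(ch) - self._next_pr()) % N
            out.append(ALPHABET[self.it[code]])
        return "".join(out)


if __name__ == "__main__":
    sender = Fig4Cipher(SAMPLE_T, PAGE_PR)
    recipient = Fig4Cipher(SAMPLE_T, PAGE_PR)
    sent = sender.encrypt("HELLO")
    print(sent, recipient.decrypt(sent))
```

Both stations must start the PR pointer at the same position; with a 10-term PR table the added terms repeat every 10 characters.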

Figure 5 shows an example using two D tables. However,
the first table (D1) makes one rotary shift (i.e. the lower or
output line shifts one step to the left) per character of the
message: similarly, the second table (D2) makes one rotary
shift per 26 characters of the message. Thus, for each
character, the input and output of the first table (D1) are
added together; this result is used to address the second
table (D2) and is added together with the corresponding output
of the second table (D2).

The session key may typically comprise a numerical
decimal-digit number, for example up to 12 digits long. Many
ways are known for generating a PR table from such a session
key. Any convenient way may be used to generate a
transposition table from such a session key, and one example
will be explained with reference to the following table.

The session key is set out in the vertical column at
the extreme right hand side of the table. The successive terms
of the session key (starting at the top of the column) are used
in successive steps to change the original order (0, 1 ... 9)
given in the top row, to the T table given in the bottom
row. In the first step, the term "4" of the session key
dictates that, in the initial row, the term in column 4 is
exchanged with the term in column 0 (all other terms in the
second row remain as in the first row). In the second step,
the term "1" of the session key dictates that the term in
column 1 is exchanged with the term in column 1 (with no net
change in this case). In the third step, the term "3" of the
session key dictates that the term in column 3 is exchanged
with the term in column 2. The procedure progresses in this
manner until, in the final step, the term "0" of the session
key dictates that the term in column 0 is exchanged with the
term in the final column. Having thus produced the T table,
a D table can be generated, each of its terms being the
displacement of the T table term from its corresponding
original term.
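
The swap procedure above and the table types defined earlier, as an added Python example that is not part of the patent text: step i exchanges column i with the column named by the i-th key term, and the IT, D and ID tables are derived from the result. The function names and the sample key are assumptions; only the key terms 4, 1, 3 and the final 0 come from the description, because the patent's own table is not reproduced on this page.

```python
def t_table_from_key(key_digits):
    """Step i exchanges the term in column key_digits[i] with column i."""
    n = len(key_digits)
    row = list(range(n))                      # original order 0, 1 ... n-1
    for i, k in enumerate(key_digits):
        if not 0 <= k < n:
            raise ValueError(f"key term {k} addresses no column")
        row[i], row[k] = row[k], row[i]
    return row


def inverse(t):
    """IT table: IT[T[i]] == i, so applying IT to T restores the order."""
    it = [0] * len(t)
    for i, v in enumerate(t):
        it[v] = i
    return it


def displacement(t):
    """D table: positive (modular) displacement of each entry."""
    n = len(t)
    return [(v - i) % n for i, v in enumerate(t)]


def is_permutation(t):
    return sorted(t) == list(range(len(t)))


# The 10-entry example tables quoted in the description.
PAGE_T = [4, 3, 5, 7, 1, 0, 8, 6, 9, 2]
PAGE_IT = [5, 4, 9, 1, 0, 2, 7, 3, 6, 8]
PAGE_D = [4, 2, 3, 4, 7, 5, 2, 9, 1, 3]

# Constructed key: terms 4, 1, 3 (first three) and 0 (last) follow the text,
# the middle terms are made up for this example.
SAMPLE_KEY = [4, 1, 3, 8, 6, 2, 9, 5, 7, 0]

if __name__ == "__main__":
    t = t_table_from_key(SAMPLE_KEY)
    print("T ", t)
    print("IT", inverse(t))
    print("D ", displacement(t))
    print("ID", displacement(inverse(t)))     # ID = displacement of IT
```

Because every step is an exchange, any key whose terms all address existing columns yields a valid transposition table, including keys with repeated terms.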
CLAIMS

1) An encryption/decryption apparatus to enable encrypted
communication between two stations each incorporating such an
apparatus, the apparatus being arranged to generate a set of
look-up tables in accordance with a session key and temporarily
store said tables in memory, and to convert each successive
element of a message to a code through use of said look-up
tables.

2) An apparatus as claimed in claim 1, arranged for use of
a fresh said session key at intervals during the course of each
transmission.

3) An apparatus as claimed in claim 1 or 2, arranged to
convert each element of the message to its said code by a
procedure which comprises addressing one of the look-up tables
and using the output of that table to address another of the
look-up tables.

4) An apparatus as claimed in claim 1 or 2 arranged to
convert each element of the message to its said code by a
procedure which comprises addressing at least two of the
look-up tables simultaneously and combining their outputs.

5) An apparatus as claimed in any preceding claim, in
which at least one of the look-up tables comprises a
transposition table.

6) An apparatus as claimed in any preceding claim, in
which at least one of the look-up tables comprises a
displacement table.

7) An apparatus as claimed in any preceding claim, in
which at least one of the look-up tables comprises a sequence
the entries of which are read consecutively.